Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Renable assertion #37

Merged
merged 1 commit into from
Dec 30, 2022
Merged

Renable assertion #37

merged 1 commit into from
Dec 30, 2022

Conversation

sanket1729
Copy link
Member

@sanket1729 sanket1729 commented Oct 21, 2022
edited
Loading

Rethink about correctness/malleability properites in covenants. See the commit description

@apoelstra
Copy link
Member

Ooo, very interesting CI failure

thread 'descriptor::csfs_cov::tests::parse_cov' panicked at 'called `Result::unwrap()` on an `Err` value: TypeCheck("fragment «thresh(2,ver_eq(1),s:pk(C),s:pk(B))» sub-fragment 0 can not be dissatisfied and cannot be used in a threshold")', src/descriptor/csfs_cov/mod.rs:86:61

I think this is, strictly speaking, true, and we cannot sensibly/correctly use a threshold of covenant conditions! Miniscript saves us again.

@sanket1729
Renable assertion
61c2f3a 
Redo all correctness and malleablity properties for Covenant fragments.
Minsicript fragments were designed only to consider inputs from stack
for satisfaction/dissatisfaction.
Traditional fragments can only be dissatified from stack inputs, but
covenant fragments can be dissatisfied by changing the transaction
components. We do not consider these malleabilities in the extensions
and only deal with script witness malleability.

I also needed to remove the test that used now incorrectly typed
miniscript.
@apoelstra
Copy link
Member

This looks good, though I realize I was confused -- I thought all the covenant fragments were VERIFY conditions and actually couldn't be dissatisfied even by modifying the transaction.

But they're not so, the situation is more subtle...

  • Any introspection of the current input cannot be dissatisfied under any circumstances, without changing the input (but then we're executing a totally different miniscript :))
  • Any introspection of other inputs, or outputs, can be dissatisfied but are only malleable if the relevant data is unsigned (i.e. the fragment is non-safe). IOW the assertion is actually wrong and you were initially correct to remove it.
  • It is actually totally fine to have a threshold of covenant fragments

Having said that, I'm a bit scared to remove this assertion because it reflects an underlying assumption about Miniscript that we're eliminating...I wonder if we should make all the covenant requirements verify-only and force the user to use a d: wrapper? But then we're forcing inefficiency.

apoelstra
apoelstra approved these changes Oct 24, 2022
View reviewed changes
Copy link
Member

@apoelstra apoelstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 61c2f3a

@sanket1729
Copy link
Member Author

I wonder if we should make all the covenant requirements verify-only and force the user to use a d: wrapper?

This is what I am leaning towards.

@apoelstra
Copy link
Member

Cool. It would be fine for us to later expand the language if it turned out that we need non-VERIFY covenants in a lot of contexts, so if VERIFY-only lets us simplify our reasoning, let's do that for now.

@sanket1729
Copy link
Member Author

I'm a bit scared to remove this assertion because it reflects an underlying assumption about Miniscript that we're eliminating..

The assertion is re-enabled in this PR.

I wonder if we should make all the covenant requirements verify-only and force the user to use a d: wrapper?

Upon more investigation, there is some work in changing the miniscripts as it would require editing all the tests. IMO, the current fix with assertion enabled should be fine for now.

@sanket1729 sanket1729 merged commit 19dde63 into ElementsProject:master Dec 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apoelstra apoelstra apoelstra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sanket1729 @apoelstra